<?php

// Framework guard: this file is only meant to be included by the bootstrap,
// which defines IN_NOVA; a direct request for the file stops here.
if( !defined( 'IN_NOVA' ) ) {
	exit( 'Access Denied!' );
}

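/**
 * Admin controller for the "users" module: list, batch soft-delete and edit.
 *
 * Depends on framework globals defined elsewhere: $request (input access via
 * get(name, method[, type])), $db (query / fetch_all / fetch_one_array),
 * $cache (refresh), plus L(), obclean(), DB_PREFIX and APP_PREFIX.
 *
 * NOTE(review): no escaping or prepared-statement API of $db is visible from
 * this file, so every value that reaches a query below is reduced to an
 * integer first, or (for the username) accepted only when it matches a strict
 * character class. Switch to the driver's prepared statements if the DB layer
 * provides them.
 */
class Users {

	/**
	 * Entry point: dispatch on the `p` query-string parameter.
	 *
	 * The former `del` branch called a user_del() method that this class does
	 * not define (a fatal error when hit); `p=del` now falls through to the
	 * default list view like any other unknown action.
	 */
	public function start() {
		global $request;

		$action = $request->get( 'p', 'G' );

		switch( $action ) {
		case 'batchexe':
			$this->batch_exe();
			break;
		case 'editexe':
			$this->edit_exe();
			break;
		default:
			$this->show( $action );
		}
	}

	/**
	 * Soft-delete (u_isdel=1) the users confirmed on the batch page.
	 *
	 * The selection comes back as the POSTed `id_arr[]` field and is reduced to
	 * positive integers by selected_ids(); the client no longer supplies any SQL
	 * fragment. User 1 (the founder) is refused, as before. When the Control
	 * value is not the delete action the list is simply re-rendered instead of
	 * producing an empty page.
	 */
	function batch_exe() {
		global $cache,$request;
		$control = $request->get( 'Control','P' );
		if( $control != '删除' ) {
			$this->show( 'list' );
			return;
		}
		$ids = $this->selected_ids();
		if( count( $ids ) == 0 ) {
			$this->show( 'list', '您没有选中任何用户', 'error' );
			return;
		}
		if( in_array( 1, $ids, true ) ) {
			$this->show( 'list', '创始人不能删除', 'error' );
			return;
		}
		$this->soft_delete_users( $ids );
		$cache->refresh( 'count', TRUE );
		$this->show( 'list', '批量删除用户成功', 'warning' );
	}

	/**
	 * Mark the given users as deleted. $ids must already be an int-only list
	 * (see selected_ids()); where_ids() re-casts defensively anyway.
	 */
	private function soft_delete_users( $ids ) {
		global $db;
		$db->query( "UPDATE `" . DB_PREFIX . "user` SET u_isdel=1 WHERE " . $this->where_ids( $ids ) );
	}

	/**
	 * Read the POSTed `id_arr[]` checkbox values as a de-duplicated list of
	 * positive integers; anything that is not a positive integer is dropped.
	 */
	private function selected_ids() {
		global $request;
		$raw = (array) $request->get( 'id_arr','P','array' );
		$ids = array();
		foreach( $raw as $item ) {
			$id = intval( $item );
			if( $id > 0 ) {
				// keyed by id so duplicates collapse
				$ids[$id] = $id;
			}
		}
		return array_values( $ids );
	}

	/**
	 * Build a `u_id IN (...)` predicate from an int list. Every element is cast
	 * to int again so the result is safe to interpolate even if a caller passes
	 * something other than selected_ids() output. An empty list yields an
	 * always-false predicate rather than the invalid `IN ()`.
	 */
	private function where_ids( $ids ) {
		$ids = array_map( 'intval', (array) $ids );
		if( count( $ids ) == 0 ) {
			return '0=1';
		}
		return 'u_id IN (' . implode( ',', $ids ) . ')';
	}

	/**
	 * Accept a username only if it is non-empty, valid UTF-8 and free of
	 * quotes, backslashes and control characters — the characters that matter
	 * when the value is interpolated into SQL and later echoed into HTML.
	 * preg_match() returns false on invalid UTF-8 under the `u` modifier, which
	 * rejects the name as well.
	 */
	private function valid_username( $name ) {
		if( $name === '' ) {
			return false;
		}
		return preg_match( '/^[^\'"\\\\\x00-\x1f\x7f]+$/u', $name ) === 1;
	}

	/**
	 * Persist the edit form: username, group and optionally a new password.
	 *
	 * `uid` and `usergroup` are forced to int; `username` is only stored when
	 * valid_username() accepts it, because it is interpolated into SQL without a
	 * driver escape. Editing user 1 is refused here as well as in user_edit(),
	 * so a hand-crafted POST cannot bypass that rule. The password hash scheme
	 * (upper-case md5 of APP_PREFIX . password) is kept unchanged because the
	 * login code elsewhere verifies against it.
	 */
	function edit_exe() {
		global $db,$request;
		$uid = intval( $request->get( 'uid','P','int' ) );
		$user_name = (string) $request->get( 'username','P' );
		$user_group = intval( $request->get( 'usergroup','P','int' ) );
		$pass_word = (string) $request->get( 'password','P' );

		if( $uid <= 0 ) {
			$this->show( 'list', '用户不存在', 'error' );
			return;
		}
		if( $uid == 1 ) {
			$this->show( 'list', '创始人不能编辑', 'error' );
			return;
		}
		if( !$this->valid_username( $user_name ) ) {
			$this->show( 'list', '用户名包含非法字符', 'error' );
			return;
		}

		$db->query( "UPDATE `" . DB_PREFIX . "user` SET u_username='$user_name',u_group=$user_group WHERE u_id=$uid" );
		if( $pass_word != '' ) {
			$hash = strtoupper( md5( APP_PREFIX . $pass_word ) );
			$db->query( "UPDATE `" . DB_PREFIX . "user` SET u_password='$hash' WHERE u_id=$uid" );
		}
		$this->show( 'list', '编辑用户成功', 'warning' );
	}

	/**
	 * HTML-escape a database value for output in element content or a
	 * double-quoted attribute.
	 */
	private function esc( $value ) {
		return htmlspecialchars( (string) $value, ENT_QUOTES, 'UTF-8' );
	}

	/**
	 * Render the admin panel frame with an optional status message, then the
	 * view selected by $action ('edit', 'batch', anything else = list).
	 *
	 * $message and $type are internal literals from this class, not user input,
	 * so they are emitted as-is. The content-type header is only sent while it
	 * still can be, instead of suppressing the warning with `@`.
	 */
	private function show( $action, $message = '', $type = '' ) {
		if( $message != '' ) {
			$message = '<p class="' . $type . '">' . $message . '</p>';
		}
		if( !headers_sent() ) {
			header( "content-type: text/html; charset=utf-8" );
		}
?>
<div class = "admin_panel">
	<div class = "admin_title"><?php echo L('_USER_MANAGEMENT_'); ?></div>
	<div class = "admin_content">
	<?php
		echo $message;
		switch( $action ) {
		case 'edit':
			$this->user_edit();
			break;
		case 'batch':
			$this->user_list( 'batch' );
			break;
		default:
			$this->user_list();
		}
	?>
	</div>
</div>
<?php
	}

	/**
	 * Render the user table.
	 *
	 * 'list' mode shows all non-deleted users with checkboxes and posts the
	 * selection to p=batch. 'batch' mode shows only the selected users as a
	 * confirmation page; it re-posts the sanitised ids as hidden `id_arr[]`
	 * fields to p=batchexe (the old hidden `SQL` field is gone — the server
	 * rebuilds the predicate from ints). All database values are HTML-escaped
	 * on output.
	 */
	function user_list( $action = 'list' ) {
		global $db,$request;
		$ids = array();
		$control = '';
		$columns = 'u_id,u_username,u_group,u_email,u_qqnum,u_index,u_ip,u_time';
		if( $action == 'batch' ) {
			$ids = $this->selected_ids();
			$control = $request->get( 'Control','P' );
			if( count( $ids ) == 0 ) {
				// discard the partially rendered frame before showing the error
				obclean();
				$this->show( 'list', '您没有选中任何用户', 'error' );
				return;
			}
			$user_array = $db->fetch_all( "SELECT $columns FROM `" . DB_PREFIX . "user` WHERE u_isdel=0 AND " . $this->where_ids( $ids ) );
		}else{
			$user_array = $db->fetch_all( "SELECT $columns FROM `" . DB_PREFIX . "user` WHERE u_isdel=0" );
		}
		// fetch_all's failure value is not known here; render an empty table instead of warning
		$user_array = (array) $user_array;
?>
<?php if( $action == 'list' ) { ?><form name="smslist" action="index.php?m=users&p=batch" method="post"><?php } ?>
	<div style="padding:5px;margin:2px;">
		<table <?php if( $action == 'list' ) { ?>class="pickme"<?php } ?> style="table-layout: fixed;word-wrap: break-word;" width="100%" border="0" cellpadding="0" cellspacing="1" bgcolor="#bbbbbb">
			<thead>
				<tr align="center" height="22" bgcolor="#ffffff">
					<td width="3%"><?php if( $action == 'list' ) { ?><input type="checkbox" name="allbox" onclick="CheckAll();"><input type="checkbox" id="ckbox" style="display:none;" disabled><?php } ?></td>
					<td width="4%">序号</td>
					<td width="10%">用户名</td>
					<td width="8%">用户组</td>
					<td width="15%">电子邮箱</td>
					<td width="10%">Q Q</td>
					<td width="14%">主页</td>
					<td width="10%">上次登录ip</td>
					<td width="13%">上次登录时间</td>
					<td width="13%">管理操作</td>
				</tr>
			</thead>
			<tbody>
				<?php
				$i = 1;
				foreach( $user_array as $value ) {
					// u_email is stored '|'-separated; only the first part is displayed
					// (explode replaces the removed split() function, same result here)
					$email_parts = explode( '|', (string) $value['u_email'] );
				?>
				<tr align="center" height="20" bgcolor="#ffffff">
					<td ><?php if( $action == 'list' ) { ?><input type="checkbox" id="ckbox" name="id_arr[]" value="<?php echo intval( $value['u_id'] ) ?>" /><?php } ?></td>
					<td><?php echo $i ?></td>
					<td><?php echo $this->esc( $value['u_username'] ) ?></td>
					<td><?php if( $value['u_group'] > 7 ) { echo '管理员'; }else{ echo '注册用户'; } ?></td>
					<td><?php echo $this->esc( $email_parts[0] ) ?></td>
					<td><?php if( $value['u_qqnum'] == 0 ) { echo ''; }else{ echo $this->esc( $value['u_qqnum'] ); } ?></td>
					<td><?php echo $this->esc( $value['u_index'] ) ?></td>
					<td><?php echo $this->esc( $value['u_ip'] ) ?></td>
					<td><?php echo date( 'Y-m-d', intval( $value['u_time'] ) ) ?></td>
					<td><?php if( $action == 'list' ) { ?>
						<span class="Control">
						<a href="index.php?m=users&p=edit&id=<?php echo intval( $value['u_id'] ) ?>">编辑</a>&nbsp; &nbsp;
						</span>
						<?php } ?>
					</td>
				</tr>
					<?php
					$i ++;
				}
				?>
			</tbody>
		</table>
	</div>
<?php if( $action == 'list' ) { ?>
	<div align="center">批量管理选项: <input type="radio" name="Control" value="删除" checked="checked"/>删除 <input type="submit" name="Submit" class="main_button" value="执行操作" /></div>
<?php }else{ ?>
	<div style="padding:5px;margin:2px;">
	<form name="smslist" action="index.php?m=users&p=batchexe" method="post">
	<?php foreach( $ids as $id ) { ?>
		<input type="hidden" name="id_arr[]" value="<?php echo intval( $id ) ?>"/>
	<?php } ?>
	<?php
		if( $control == '删除' ) {
	?>
		<input type="hidden" name="Control" value="删除"/>
		<input type="submit" name="submit" class="main_button" value="确认删除" />
	<?php
		}
	?>
	</form>
	</div>
<?php } ?>
	<div class="main_button"></div>
<?php if( $action == 'list' ) { ?></form><?php } ?>
<?php
	}

	/**
	 * Render the edit form for the user given by the `id` query parameter.
	 *
	 * User 1 cannot be edited; an unknown id (or a failed lookup) shows an
	 * error instead of rendering a form over a missing row. Stored values are
	 * HTML-escaped before being placed in attribute values.
	 */
	function user_edit() {
		global $db,$request;
		$id = intval( $request->get( 'id','G','int' ) );
		if( $id == 1 ) {
			obclean();
			$this->show( 'list', '创始人不能编辑', 'error' );
			return;
		}
		$user_info = $db->fetch_one_array( "SELECT u_username,u_group FROM `" . DB_PREFIX . "user` WHERE u_id=$id" );
		if( !is_array( $user_info ) ) {
			obclean();
			$this->show( 'list', '用户不存在', 'error' );
			return;
		}
?>
			<fieldset>
			<legend> 编辑用户</legend>
				<div align="left">
				<form action="index.php?m=users&p=editexe" method="post">
				<input name="uid" type="hidden" value="<?php echo $id ?>"/>
				<table border="0" cellpadding="2" cellspacing="1">
					<tr>
						<td width="180"><div align="right">用户名&nbsp;&nbsp;</div></td>
						<td align="left"><input name="username" type="text" class="main_Text" size="30" maxlength="50" value="<?php echo $this->esc( $user_info['u_username'] ) ?>"/></td>
					</tr>
					<tr>
						<td width="180"><div align="right">用户组&nbsp;&nbsp;<div class="main_Tips">1 为注册用户，8 为管理员&nbsp;&nbsp;</div></div></td>
						<td align="left"><input name="usergroup" type="text" class="main_Text" size="30" maxlength="5" value="<?php echo intval( $user_info['u_group'] ) ?>"/></td>
					</tr>
					<tr>
						<td width="180"><div align="right">用户密码&nbsp;&nbsp;<div class="main_Tips">不改请留空&nbsp;&nbsp;</div></div></td>
						<td align="left"><input name="password" type="text" class="main_Text" size="30" maxlength="20" /></td>
					</tr>
					<tr>
						<td width="180"><div align="right"></div></td>
						<td align="left"><input type="submit" name="Submit" class="main_button" value="编辑" /></td>
					</tr>
				</table>
				</form>
				</div>
			</fieldset>
			<div class="main_button"></div>
<?php
	}
}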
?>
